Deniz Kizi
Deniz Kizi, or Mermaid, is ransomware that runs on Microsoft Windows. It was discovered by Raby. It is aimed at English-speaking and Turkish users. It first emerged in the wild in late December 2019.

Payload Transmission
Deniz Kizi is distributed through spam email attachments that are disguised as useful documents. These ask users to enable macros, which then download the malicious payload. It is also distributed through software cracks and pirated software installers. These malicious files are usually downloaded from unsafe torrent or similar sites. The malicious installer Starter.exe bypasses the User Account Control feature that would otherwise warn users and immediately begins the infection process.

Infection
Several files are dropped into the %AppData% folder (svchost.exe), Task Manager and Windows startup are disabled, Shadow Volume Copies are deleted, startup repair is disabled, the Windows hosts file is modified, services are opened, etc. Once the preparations are complete, Deniz Kizi begins the encryption process, which renders files of 195 different file extensions inaccessible. As with other file-locking malware, system files, executables, and a few other file types are skipped.

For data encryption, the ransomware uses a relatively rare encryption method – a combination of TR1224 and AES-256. This ensures secure encryption and reduces the chances of users recovering data without paying for the Deniz_Kizi ransomware decryptor.

The newest variants of Deniz Kizi also change the desktop wallpaper of the host machine to a brief message written in Turkish, which tells users to check the ransom note Lütfen Beni Oku!!!.log to find out more about what happened to their files. The English version of the Deniz_Kizi ransom note states the following:

FILES ARE ENCRYPTED:
Hello!
All your documents, photos, databases and other important files are ENCRYPTED!
Do you really want to restore your files?
If you want to unlock your data, you need to buy special decoding software!
Write to our email – yardimail1@aol.com
If you do not receive a reply within 24 hours, write to our additional email address – yardimail2@aol.com
We'll send you a complete instruction on how to decrypt all your files.

* WHAT SHOULD I DO ??
First of all your files are NOT DAMAGED! Your files have been modified and encrypted with the TR1224 double encryption algorithm. This change is reversible.
The only way to decrypt your files is to purchase the decipher tool that is special to you.
Any attempt to irreversibly corrupt your files, and attempting to restore them with third-party software will be fatal to your files.

* SO MY FILES WILL RETURN TO THE OLD STATE AND HOW SHOULD I PAY ???
To decode the password you have to buy our special decoding tool, we already said that. and the deciphering tool costs $ 400, you will pay by bitcoin and you must contact us for payment.
Once the payment is made, we will send you the special decoding tool by email. and it is enough to run the.

* FREE DECRYPT FILE!!!
Free decryption as warranty!
If you don't believe in our service and want to see proof, you can ask us about the test for decryption.
You send us up to 2 encrypted files.
Use the file sharing service and Win-Rar to send files for testing.
Files must be smaller than 1 MB (unarchived) and Files should not matter! Do not send us databases, backups or large excells. Files etc.
We will decrypt and send back your decrypted files as proof!

* HOW TO BUY BITCOINS ???
Bitcoins have two simple ways:
Link1: hxxps://exmo.me/en/support#/1_3
Link2: hxxps://localbitcoins.net/guides/how-to-buy-bitcoins
Read the information in these links carefully, because you may need to buy even large quantities.
Note: Use translation for Turkish source.

!!! ATTENTION !!!
!!! If you do not pay within 2 days, you will not be able to recover your files forever.
!!! Do not rename encrypted files.
!!! Do not attempt to decrypt your data using third-party software, as this may cause permanent data loss.
!!! Unraveling your files with the help of third parties can lead to increased prices and don't trust anyone even your dog.

* THE KEY REQUIRED FOR THE DECRYPT TOOL
Don't change these 2 key decryption tool for this 2 key required !!! and please note that these 2 keys are encrypted with the AES-256 encryption system.
Key1:
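
The infection behaviours listed in the Infection section, turned into a host triage check as an added example (not part of the original page). The event field names and the vssadmin, bcdedit and DisableTaskMgr patterns are assumptions, since the page does not say how the malware performs each action.

```python
import re
import unicodedata
from pathlib import PureWindowsPath

NOTE = unicodedata.normalize("NFC", "Lütfen Beni Oku!!!.log")  # ransom note name from the page

def _name(path):
    # File name of a Windows path, NFC-normalised so composed/decomposed "ü" compare equal.
    return unicodedata.normalize("NFC", PureWindowsPath(path).name)

# One rule per behaviour listed on the page. The page does not say which
# commands or registry values the malware uses; the vssadmin, bcdedit and
# DisableTaskMgr patterns are assumptions (the usual Windows mechanisms).
RULES = {
    "svchost_in_appdata": lambda e: _name(e.get("image", "")).lower() == "svchost.exe"
        and "\\appdata\\" in e.get("image", "").lower(),
    "shadow_copies_deleted": lambda e: bool(re.search(
        r"vssadmin(\.exe)?\s+delete\s+shadows", e.get("command_line", ""), re.I)),
    "startup_repair_disabled": lambda e: bool(re.search(
        r"bcdedit.*recoveryenabled\s+no", e.get("command_line", ""), re.I)),
    "task_manager_disabled": lambda e: e.get("registry_value", "").lower().endswith("\\disabletaskmgr"),
    "hosts_file_modified": lambda e: e.get("file_written", "").lower().endswith("\\drivers\\etc\\hosts"),
    "ransom_note_dropped": lambda e: _name(e.get("file_written", "")) == NOTE,
}

def triage(events, threshold=2):
    """Return (behaviours seen per host, hosts showing >= threshold distinct behaviours)."""
    hits = {}
    for e in events:
        for name, rule in RULES.items():
            if rule(e):
                hits.setdefault(e["host"], set()).add(name)
    return hits, sorted(h for h, seen in hits.items() if len(seen) >= threshold)

# Constructed sample telemetry; the field names are hypothetical, not a real log schema.
SAMPLE = [
    {"host": "WS-01", "image": r"C:\Users\a\AppData\Roaming\svchost.exe"},
    {"host": "WS-01", "image": r"C:\Windows\System32\vssadmin.exe",
     "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "WS-01", "file_written": "C:\\Users\\a\\Desktop\\Lu\u0308tfen Beni Oku!!!.log"},
    {"host": "WS-02", "image": r"C:\Windows\System32\svchost.exe"},
    {"host": "WS-02", "file_written": r"C:\Windows\System32\drivers\etc\hosts"},
]

if __name__ == "__main__":
    hits, alerts = triage(SAMPLE)
    for host in alerts:
        print(host, sorted(hits[host]))
```

Requiring two or more distinct behaviours per host keeps a single benign event, such as an administrator editing the hosts file on WS-02, from raising an alert.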